Is there a standard format of SAML 2.0 encrypted assertion?


I am implementing the SP-initiated Web Browser SAML SSO profile in JBoss.

My application is the SP.

After login, I expect the IdP to send me an encrypted assertion of the following format:

    <samlp:Response...>
      <ds:Signature>...
        <ds:KeyInfo>....</ds:KeyInfo>
      </ds:Signature>
      <samlp:Status>...</samlp:Status>
      <saml:EncryptedAssertion>...</saml:EncryptedAssertion>
    </samlp:Response>

It works fine for some of the IdPs, but I have an IdP that sends me:

    <saml2p:Response...>
      <saml2p:Status>...</saml2p:Status>
      <saml2:EncryptedAssertion>...
        <ds:KeyInfo>...</ds:KeyInfo>
      </saml2:EncryptedAssertion>
    </saml2p:Response>

and authentication fails since the signature is missing.

My question is: is there a standard format of SAML 2.0 encrypted assertion that I can tell the IdP admin to use? Or must I support both ways?

Thanks

According to the XMLEnc standard, which is used in SAML2, KeyInfo can be used, but inside the EncryptedData, not inside the EncryptedAssertion.

The signature on the Response is optional, as reflected in 5.2 in the SAML spec.

So if that is the case, you can't make them change for not following the standard.
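To see which of the two layouts an IdP actually sends, an SP can inspect the Response structure before deciding how to validate it. This is an added example, not code from the post or from JBoss: `describe_response` is a hypothetical helper, the two sample documents are constructed, and it only inspects structure (it decrypts nothing and verifies no signature).

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}

def describe_response(xml_text):
    """Report where Signature and KeyInfo sit in a SAML 2.0 Response (hypothetical helper)."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("root element is not samlp:Response")
    encrypted = root.findall("saml:EncryptedAssertion", NS)
    keyinfo_parent = []
    for ea in encrypted:
        if ea.find("xenc:EncryptedData/ds:KeyInfo", NS) is not None:
            keyinfo_parent.append("EncryptedData")        # placement named in the answer
        elif ea.find("ds:KeyInfo", NS) is not None:
            keyinfo_parent.append("EncryptedAssertion")   # direct child of the wrapper
        else:
            keyinfo_parent.append(None)
    return {
        # Only a ds:Signature that is a direct child of Response signs the Response.
        # An unsigned Response can still carry a signed Assertion inside the
        # ciphertext, which is only visible after decryption.
        "response_signed": root.find("ds:Signature", NS) is not None,
        "encrypted_assertions": len(encrypted),
        "keyinfo_parent": keyinfo_parent,
    }

# Constructed sample documents mirroring the two layouts in the question.
_XMLNS = " ".join('xmlns:%s="%s"' % kv for kv in NS.items())
_ENC = ("<saml:EncryptedAssertion><xenc:EncryptedData><ds:KeyInfo/>"
        "<xenc:CipherData/></xenc:EncryptedData></saml:EncryptedAssertion>")
SIGNED = ("<samlp:Response %s><ds:Signature><ds:KeyInfo/></ds:Signature>"
          "<samlp:Status/>%s</samlp:Response>" % (_XMLNS, _ENC))
UNSIGNED = "<samlp:Response %s><samlp:Status/>%s</samlp:Response>" % (_XMLNS, _ENC)

if __name__ == "__main__":
    for name, doc in (("signed", SIGNED), ("unsigned", UNSIGNED)):
        print(name, describe_response(doc))
```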

